Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview llama-index-readers-web is a llama-index readers web integration Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' via the parsesitemap function. An attacker can exhaust system memory and potentially cau...

Denial Of Service (DoS)

langchain is vulnerable to a Denial-of-Service DoS. The vulnerability is due to infinite recursion in the parsesitemap method, which results in an infinite loop that exceeds the maximum recursion depth in Python...

Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

CVE-2024-2965

A Denial-of-Service DoS vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

LangChain Resource Management Error Vulnerability

LangChain is the LangChain open source framework for developing applications powered by the Large Language Model LLM. A resource management error vulnerability exists in LangChain because the parsesitemap method, which is responsible for parsing the sitemap and extracting the URL, lacks a mechani...